patina-v20.0.2

@github-actions github-actions released this 20 Feb 20:33
· 287 commits to refs/heads/main since this release
2080728

What's Changed

  • patina: Only include the `alloc` crate when the `alloc` feature is en… @cfernald (#1328)
    Change Details
    Description

    There already exists an alloc feature, but it is not currently used for anything. This commit uses the alloc feature to gate the inclusion of the alloc crate and the modules that use it.

    The current approach here is to just remove all modules that cannot compile as-is without the alloc crate and make 'alloc' a dependency for top-level features that require this functionality. In the future better top-level classification of categories of support could be created that may require the alloc feature (e.g. DXE), but this is currently premature so the alloc feature alone will be used for now.

    Issue #1318

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Local build and tests

    Integration Instructions

    N/A

    
  • patina_adv_logger: Refactor core logic from component logic @cfernald (#1323)
    Change Details
    Description

    Currently the adv logger crate exposes all of the component and integration tests, etc. by default. However, for consumers wanting to log to the advanced logger from more minimal environments, this is not ideal. This commit refactors this base support to be the minimal core logic, and then a component feature on top used by DXE.

    Base: Exposes the core logger logic, and nothing else. Does not use alloc.

    Component: Exposes the component, protocol, and integration test logic.

    To achieve this, this refactors the writer and reader into separate modules and simplifies to use a read-only and write-only paradigm to simplify the wrapper logic.

    With this change, consumers can use patina_adv_logger without default features to get a minimal advanced logger implementation.

    Issue #1318

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • Q35 w/ integration tests
    • Unit tests

    Integration Instructions

    N/A

    
  • Update bitfield-struct dep and bump supply-chain audits and exemptions [Rebase & FF] @makubacki (#1326)
    Change Details
    Description

    Cargo.toml: Update bitfield-struct from 0.10 to 0.12

    Many other Patina repos are already using v0.12. This updates patina
    to use 0.12 as well to prevent duplicate crate entries as noted by
    cargo deny:

    warning[duplicate]: found 2 duplicate entries for crate 'bitfield-struct'
      ┌─ C:\src\patina-dxe-core-qemu/Cargo.lock:6:1
      │
    6 │ ╭ bitfield-struct 0.10.1 registry+https://github.com/rust-lang/crates.io-index
    7 │ │ bitfield-struct 0.12.1 registry+https://github.com/rust-lang/crates.io-index
      │ ╰────────────────────────────────────────────────────────────────────────────┘ lock entries
    

    supply-chain: Update cargo vet audits and exemptions

    Run cargo vet regenerate exemptions to update audits and exemptions
    for current dependencies in supply-chain.


    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • cargo make all
    • cargo make vet

    Integration Instructions

    • N/A


  • patina_dxe_core: Serialize tests in spin_locked_gcd @makubacki (#1320)
    Change Details
    Description

    Some tests in the module are not acquiring the global test by running the test within test_support::with_global_lock().

    This change wraps the test body in with_global_lock() to ensure that the global lock is held during the test preventing potential issues with global state being modified by other tests running in parallel.

    While all tests use a local GCD instance right now, the static GCD instance is reset between tests as a precaution for future tests.


    The diff looks like more code changed than actually did because of cargo fmt. The changes include:

    • Wrap tests in spin_locked_gcd with with_locked_state()
    • Call GCD.reset() (per pre-existing documentation) as a precaution for global GCD modification in tests
    • Fix a typo: gdc to gcd
    • cargo make fmt

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • cargo make all locally
    • Testing in server CI runs while PR is in draft

    Integration Instructions

    • N/A


  • [REBASE & FF] Add an Unmerged Free Memory GCD patina_test @os-d (#1316)
    Change Details
    Description

    Makefile.toml: Add --all-targets --all-features to check_test

    Currently, the check_code task runs with --all-targets --all-features but the check_test task does not. This can cause errors/warnings to show up in the check_test task that should not be there.

    dxe_core: Combine get_descs functions

    There are currently several get_memory_descriptors() functions, one that gets all descs, one for allocated, one for mmio and reserved and a new one is needed that gets all free descs.

    This commit combines all of these into one function with a filter parameter to specify which descs are needed.

    dxe_core: Tests: Add Unmerged Memory Map Patina Test

    This adds a new patina_test to verify the GCD has all free memory descs correctly merged.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Physical ARM64 platform, Q35.

    Integration Instructions

    Same as all patina_tests. Enable the feature and apply the filter.

    
  • Device path module reorganization [non-functional] @berlin-with0ut-return (#1293)
    Change Details
    Description

    Move device path modules into a single unified location (in sdk). Add constructors to manage custom Device Path node types. This PR does not include any functional changes.

    This is based on design described in #1269.
    Resolves #1148.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Passes all existing tests.

    Integration Instructions

    N/A.




  • Integrate ACPI Rust implementation @berlin-with0ut-return (#1218)
    Change Details
    Description

    This PR provides an integrated Rust implementation of ACPI table functionality.

    • Impacts functionality? - component is not active until instantiated.
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Unit tests, SCT's, integration tests.
    Boot to Windows on Q35 and SBSA.
    Boots to Windows on Intel physical platform.
    Boots to Windows on ARM physical platform.

    Integration Instructions

    The Rust ACPI implementation includes table functionality while AML functionality is preserved in C. The layout is as follows:
    AcpiTableProtocol (Uninstall, Install, Publish) -> Rust
    AcpiGetProtocol (custom) (Get, RegisterNotify) -> Rust
    AcpiSdtProtocol (AML functionality) -> C

    To fully integrate this Rust implementation, the following changes are required:



  • patina_dxe_core: Add debug assert when merge free memory in memory map. @cfernald (#1315)
    Change Details
    Description

    This commit adds an assert when merging memory descriptors in the memory map for free memory. Conventional memory should already be coalesced and consistent, and if this is not the case then contiguous free memory cannot be allocated contiguously, which can cause issues when allocating memory, especially by address. This is specifically problematic in Windows where almost all allocations are manually selected and allocated by address because it will cause a failure to allocate what looks to be perfectly fine free memory ranges.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Boot to OS on Q35

    Integration Instructions

    N/A
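
The condition that the new assert in #1315 and the unmerged-memory patina_test in #1316 look for, sketched as an added example that is not code from the Patina repository. The `MemDesc` type, the function names and the single-descriptor allocation rule are assumptions made for illustration; the sample map is constructed.

```rust
// Added illustration: types and function names are hypothetical, not Patina's GCD API.
const EFI_CONVENTIONAL_MEMORY: u32 = 7; // UEFI memory type for free memory
const PAGE_SIZE: u64 = 0x1000;

#[derive(Debug, Clone, Copy, PartialEq)]
pub struct MemDesc {
    pub mem_type: u32,
    pub start: u64,
    pub pages: u64,
    pub attribute: u64,
}

impl MemDesc {
    fn end(&self) -> u64 { self.start + self.pages * PAGE_SIZE }
    fn is_free(&self) -> bool { self.mem_type == EFI_CONVENTIONAL_MEMORY }
}

/// Boundary address of every pair of adjacent free descriptors with equal
/// attributes, i.e. ranges that should have been reported as one descriptor.
pub fn unmerged_free_boundaries(map: &[MemDesc]) -> Vec<u64> {
    let mut sorted = map.to_vec();
    sorted.sort_by_key(|d| d.start);
    sorted.windows(2)
        .filter(|w| w[0].is_free() && w[1].is_free())
        .filter(|w| w[0].attribute == w[1].attribute && w[0].end() == w[1].start)
        .map(|w| w[1].start)
        .collect()
}

/// Assumed consumer behaviour: an allocate-by-address request succeeds only
/// if it fits inside a single free descriptor.
pub fn fits_in_one_free_desc(map: &[MemDesc], addr: u64, pages: u64) -> bool {
    let end = addr + pages * PAGE_SIZE;
    map.iter().any(|d| d.is_free() && d.start <= addr && end <= d.end())
}

/// Constructed sample map: one free region split across two descriptors.
pub fn sample_map() -> Vec<MemDesc> {
    let d = |mem_type, start, pages| MemDesc { mem_type, start, pages, attribute: 0xF };
    vec![d(7, 0x10_0000, 0x10), d(7, 0x11_0000, 0x10), d(4, 0x12_0000, 0x4)]
}

fn main() {
    let map = sample_map();
    println!("unmerged at {:x?}", unmerged_free_boundaries(&map));
    println!("0x20 pages at 0x100000 fit: {}", fits_in_one_free_desc(&map, 0x10_0000, 0x20));
}
```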

    
  • Remove resolver = 2 @os-d (#1307)
    Change Details
    Description

    We are currently setting resolver = 2 in most of our Cargo.tomls, however, Rust edition 2024's default resolver version is 3. We appear to have moved to resolver version 2 in the older Rust edition in order to pick up resolver.incompatible-rust-version=fallback support, but this is also the default in resolver version 3. That line will be removed from config.toml in a patina-devops PR.

    This drops the explicit resolver downgrade in all Cargo.tomls except for the top level virtual workspace. This must specify the resolver version because it does not have a package section that specifies the Rust edition to get the default from. This is bumped to 3.

    See https://doc.rust-lang.org/cargo/reference/resolver.html#resolver-versions for details.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    N/A.

    Integration Instructions

    N/A.

    
  • patina_adv_logger: Check for logging static max level in integration test @cfernald (#1306)
    Change Details
    Description

    When the platform statically disables info level logging, the integration test was still expecting to find info level logs and would fail. This change checks for the static max level and if info level logging is disabled, it ignores the direct message checks.

    OpenDevicePartnership/patina-qemu#167

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested on Q35

    Integration Instructions

    N/A

    
  • Fix ComponentDispatcher TPL level to TPL_APPLICATION @kat-perez (#1305)
    Change Details
    Description

    ComponentDispatcher was using TPL_NOTIFY, which prevents component entry points from calling boot services restricted at higher TPL levels. Changed to TPL_APPLICATION.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Existing tests pass. Verified with QEMU Q35 boot.

    Integration Instructions

    N/A




  • Update logger integration check to allow for messages that are not utf8-decodable. @joschock (#1303)
    Change Details
    Description

    Update logger integration check to allow for messages that are not utf8-decodable.

    Test will now pass as long as the expected messages generated by the test are present in the log, in the right order, and those messages (ignoring others) are utf8-decodable.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    AdvLogger integration test now passes in the presence of non-UTF8-decodable entries.

    Integration Instructions

    N/A




🐛 Bug Fixes

  • patina_dxe_core: Leak hobs buffer in create_dxe_core_hob() @makubacki (#1321)
    Change Details
    Description

    The create_dxe_core_hob() test helper in image.rs constructs a Vec<u8> containing HOB data, then passes the buffer pointer to HobList::discover_hobs().

    When create_dxe_core_hob() returned, the Vec was dropped and its memory freed, leaving the returned HobList<'static> holding dangling references.

    When PI_DISPATCHER.init() later iterated the HobList during install_dxe_core_image(), it read from freed memory, causing non-deterministic behavior.

    The freed memory may not always be immediately reused by the allocator, so the point where it became an issue could vary.

    This change leaks the Vec before calling discover_hobs(), so that the memory buffer lives for a 'static lifetime and the references in HobList remain valid.

    Looks to be related to a refactor in f9fd281 where HOB logic was consolidated from local test functions into create_dxe_core_hob().

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • cargo make all
    • Run unit tests on fork
      • Before changes: ubuntu-latest passed 1/5 times
      • After changes: ubuntu-latest passed 10/10 times

    Integration Instructions

    • N/A
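
The lifetime bug fixed in #1321 and the `Vec::leak` remedy, reduced to an added stand-alone example that is not code from the Patina repository. `RecordList`, its toy record layout and both builder functions are hypothetical stand-ins for `HobList` and `create_dxe_core_hob()`; the sample buffer is constructed.

```rust
// Added illustration: RecordList and both builders are hypothetical, not Patina's HobList API.
use std::slice;

/// Toy layout: [tag: u8][len: u8][payload], tag 0xFF terminates the list.
#[derive(Debug, Default)]
pub struct RecordList<'a> {
    pub records: Vec<(u8, &'a [u8])>,
}

impl<'a> RecordList<'a> {
    /// Safety: `ptr..ptr + len` must stay valid and unmodified for all of `'a`.
    pub unsafe fn discover(&mut self, ptr: *const u8, len: usize) {
        let buf: &'a [u8] = unsafe { slice::from_raw_parts(ptr, len) };
        let mut off = 0;
        while off + 2 <= buf.len() && buf[off] != 0xFF {
            let end = off + 2 + buf[off + 1] as usize;
            if end > buf.len() { break; } // truncated record: stop parsing
            self.records.push((buf[off], &buf[off + 2..end]));
            off = end;
        }
    }
}

/// Constructed sample data: two records followed by the end marker.
fn sample_buffer() -> Vec<u8> {
    vec![0x01, 2, 0xAA, 0xBB, 0x04, 3, 1, 2, 3, 0xFF, 0]
}

/// Before: the raw pointer hides the borrow from the compiler, so this builds,
/// but `buf` is freed on return and every stored slice dangles. Never call it.
#[allow(dead_code)]
fn build_dangling() -> RecordList<'static> {
    let buf = sample_buffer();
    let mut list = RecordList::default();
    unsafe { list.discover(buf.as_ptr(), buf.len()) };
    list
}

/// After: Vec::leak gives up ownership, so the allocation is never freed and
/// the 'static lifetime claimed by the return type is true.
pub fn build_leaked() -> RecordList<'static> {
    let buf: &'static [u8] = sample_buffer().leak();
    let mut list = RecordList::default();
    unsafe { list.discover(buf.as_ptr(), buf.len()) };
    list
}

fn main() {
    println!("{:?}", build_leaked().records);
}
```

Running a test suite that contains the "before" shape under Miri or AddressSanitizer reports the use-after-free deterministically, rather than as an intermittent CI failure.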


  • dxe_core: Fix TPL Inversion in initialize_system_table @os-d (#1312)
    Change Details
    Description

    Commit e013eee changed the TPLMutex level of the component dispatcher to TPL_APPLICATION instead of TPL_NOTIFY. However, the component dispatcher is invoked when the TPL has been raised to TPL_NOTIFY by the system table lock in patina_dxe_core\lib.rs. This causes a TPL inversion and panics.

    This fixes that by dropping the system table lock (lowering the TPL) before attempting to use the component dispatcher.

    Fixes #1311

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    Tested by observing the failure on Q35, applying the fix, then booting to Windows.

    Integration Instructions

    N/A.

    

📖 Documentation Updates

  • docs: Add requirement 3.4 to Patina DXE Core checklist @makubacki (#1325)
    Change Details
    Description

    Commit 214f02a added Patina DXE Core requirement 3.4. This commit adds that requirement to the checklist.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    • cargo make all

    Integration Instructions

    • N/A


  • [RFC - FCP]: Reorganize Device Path Libraries @berlin-with0ut-return (#1269)
    Change Details
    Description

    See RFC for more details. Addresses https://github.com//issues/1148 by consolidating and reorganizing Device Path functionality.

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    N/A.

    Integration Instructions

    N/A.




  • Add Handle component parameter type @kat-perez (#1304)
    Change Details
    Description

    Add Handle component parameter type for accessing the DXE Core image handle in component entry points (e.g., as parent handle for LoadImage()).

    • Impacts functionality?
    • Impacts security?
    • Breaking change?
    • Includes tests?
    • Includes documentation?

    How This Was Tested

    cargo check -p patina --features mockall passes

    Integration Instructions

    Components use Handle or Option<Handle> as entry point parameters. DXE core must call storage.set_image_handle(handle) for it to resolve.




Full Changelog: patina-v20.0.1...v20.0.2